org.springframework.security.acls.model.AccessControlEntry Java Examples

The following examples show how to use org.springframework.security.acls.model.AccessControlEntry.
Example #1
Source File: AclServiceTest.java    From kylin with Apache License 2.0
/**
 * Verifies that a batch upsert of ten principal ACEs can be read back through the ACL service.
 *
 * <p>Only the SID of each stored entry is asserted; the stored permission and the granting
 * flag are not checked by this test.
 */
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);

    // Grant ADMINISTRATION to principals u0..u9 in one batch call.
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    int userIndex = 0;
    while (userIndex < 10) {
        sidToPerm.put(new PrincipalSid("u" + userIndex), AclPermission.ADMINISTRATION);
        userIndex++;
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    // NOTE(review): the positional comparison assumes the service returns entries in SID
    // order; HashMap iteration order does not guarantee that -- confirm against the service.
    for (Acl stored : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> entries = stored.getEntries();
        Assert.assertEquals(10, entries.size());
        int position = 0;
        for (AccessControlEntry entry : entries) {
            Assert.assertEquals(new PrincipalSid("u" + position), entry.getSid());
            position++;
        }
    }
}
 
Example #2
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Collects the SID names of one kind (user or group) from an ACL.
 *
 * <p>Every entry whose SID matches the requested kind contributes its name; the entry's
 * permission and its granting flag are not consulted, so the result lists who appears in the
 * ACL, not who is actually granted access.
 *
 * @param acl the ACL to inspect; {@code null} yields an empty list
 * @param type compared case-insensitively with {@code MetadataConstants.TYPE_USER} and
 *     {@code MetadataConstants.TYPE_GROUP}
 * @return the non-blank principal or authority names, in entry order
 */
public List<String> getAllAclSids(Acl acl, String type) {
    if (acl == null) {
        return Collections.emptyList();
    }

    List<String> sidNames = new ArrayList<>();
    for (AccessControlEntry entry : acl.getEntries()) {
        String sidName = null;
        // NOTE(review): a null type fails here with a NullPointerException as soon as the ACL
        // has an entry -- confirm callers always pass a value.
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && entry.getSid() instanceof PrincipalSid) {
            sidName = ((PrincipalSid) entry.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && entry.getSid() instanceof GrantedAuthoritySid) {
            sidName = ((GrantedAuthoritySid) entry.getSid()).getGrantedAuthority();
        }
        if (StringUtils.isBlank(sidName)) {
            continue;
        }
        sidNames.add(sidName);
    }
    return sidNames;
}
 
Example #3
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Builds a map from SID name to permission mask for the ACL of the named project.
 *
 * <p>The map is keyed case-insensitively and holds user principals and granted authorities
 * side by side, so a user and a group whose names differ only in case share one key and the
 * later entry overwrites the earlier one. The granting flag of each entry is not consulted.
 *
 * @param project the project name used to look up the project UUID
 * @return SID name to permission mask; empty when the project has no ACL or no entries
 */
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> maskBySidName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    // NOTE(review): an unknown project name presumably makes getProject return null and this
    // line throw -- confirm how callers validate the name.
    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl == null || acl.getEntries() == null) {
        return maskBySidName;
    }

    for (AccessControlEntry entry : acl.getEntries()) {
        Sid sid = entry.getSid();
        if (sid instanceof PrincipalSid) {
            PrincipalSid userSid = (PrincipalSid) sid;
            maskBySidName.put(userSid.getPrincipal(), entry.getPermission().getMask());
        }
        if (sid instanceof GrantedAuthoritySid) {
            GrantedAuthoritySid groupSid = (GrantedAuthoritySid) sid;
            maskBySidName.put(groupSid.getGrantedAuthority(), entry.getPermission().getMask());
        }
    }
    return maskBySidName;
}
 
Example #4
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Converts the entries of an ACL into response objects, optionally filtered by SID name.
 *
 * <p>Each response carries the entry id, SID, permission and granting flag unchanged, so the
 * caller can tell granting entries from denying ones.
 *
 * @param acl the ACL to convert; {@code null} yields an empty list
 * @param nameSeg name fragment passed to {@code needAdd}; {@code null} disables filtering
 * @param isCaseSensitive forwarded to {@code needAdd}
 * @return one response per retained entry, in entry order
 */
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
        boolean isCaseSensitive) {
    if (acl == null) {
        return Collections.emptyList();
    }

    List<AccessEntryResponse> responses = new ArrayList<>();
    for (AccessControlEntry entry : acl.getEntries()) {
        // Without a name fragment every entry is kept; otherwise needAdd decides.
        boolean keep = nameSeg == null || needAdd(nameSeg, isCaseSensitive, getName(entry.getSid()));
        if (keep) {
            responses.add(new AccessEntryResponse(entry.getId(), entry.getSid(), entry.getPermission(),
                    entry.isGranting()));
        }
    }
    return responses;
}
 
Example #5
Source File: AclServiceTest.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Verifies that ten principal ACEs written with one batch upsert are returned by a later read.
 *
 * <p>The assertions cover the entry count and each entry's SID only; permission and granting
 * flag of the stored entries are not asserted.
 */
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);

    // Principals u0..u9 each receive ADMINISTRATION.
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    int userIndex = 0;
    while (userIndex < 10) {
        sidToPerm.put(new PrincipalSid("u" + userIndex), AclPermission.ADMINISTRATION);
        userIndex++;
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    // NOTE(review): comparing by position assumes the service orders entries by SID; the
    // HashMap used as input gives no ordering guarantee -- confirm against the service.
    for (Acl stored : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> entries = stored.getEntries();
        Assert.assertEquals(10, entries.size());
        int position = 0;
        for (AccessControlEntry entry : entries) {
            Assert.assertEquals(new PrincipalSid("u" + position), entry.getSid());
            position++;
        }
    }
}
 
Example #6
Source File: MigrationService.java    From kylin with Apache License 2.0
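/**
 * Returns the mail addresses of the principals that hold the mask-16 permission on the
 * project owning the given cube.
 *
 * <p>Only entries whose SID is a {@link PrincipalSid} are considered. Entries for other SID
 * kinds (for example a granted authority) are skipped instead of being cast blindly, which
 * previously raised a {@code ClassCastException} as soon as such an entry carried mask 16.
 *
 * @param cubeInstance the cube whose project ACL is inspected
 * @return principal names with the configured mail suffix appended; never empty
 * @throws BadRequestException when no qualifying principal is found
 */
public List<String> getCubeAdmins(CubeInstance cubeInstance) {
    ProjectInstance prjInstance = cubeInstance.getProjectInstance();
    AclEntity ae = accessService.getAclEntity("ProjectInstance", prjInstance.getUuid());
    logger.info("ProjectUUID : " + prjInstance.getUuid());
    Acl acl = accessService.getAcl(ae);

    String mailSuffix = KylinConfig.getInstanceFromEnv().getNotificationMailSuffix();
    List<String> cubeAdmins = Lists.newArrayList();
    if (acl != null) {
        for (AccessControlEntry ace : acl.getEntries()) {
            // 16 is presumably the ADMINISTRATION mask (1 << 4 in Spring Security's
            // BasePermission) -- TODO confirm and replace with the named constant.
            if (ace.getPermission().getMask() != 16) {
                continue;
            }
            // Role/group entries have no principal name to mail; skip rather than cast.
            if (!(ace.getSid() instanceof PrincipalSid)) {
                continue;
            }
            // NOTE(review): ace.isGranting() is not consulted, so a denying entry with this
            // mask would still be listed as an admin -- confirm denying entries never occur.
            PrincipalSid ps = (PrincipalSid) ace.getSid();
            cubeAdmins.add(ps.getPrincipal() + mailSuffix);
        }
    }

    if (cubeAdmins.isEmpty()) {
        throw new BadRequestException("Cube access list is null, please add at least one role in it.");
    }
    return cubeAdmins;
}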
 
Example #7
Source File: AccessService.java    From kylin with Apache License 2.0
/**
 * Turns ACL entries into response objects, keeping only those whose SID name matches.
 *
 * <p>Entry id, SID, permission and granting flag are copied into each response as they are.
 *
 * @param acl the ACL to convert; {@code null} yields an empty list
 * @param nameSeg name fragment handed to {@code needAdd}; {@code null} keeps every entry
 * @param isCaseSensitive forwarded to {@code needAdd}
 * @return the responses for the retained entries, in entry order
 */
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
        boolean isCaseSensitive) {
    if (acl == null) {
        return Collections.emptyList();
    }

    List<AccessEntryResponse> responses = new ArrayList<>();
    for (AccessControlEntry entry : acl.getEntries()) {
        // The name filter only applies when a fragment was supplied.
        boolean keep = nameSeg == null || needAdd(nameSeg, isCaseSensitive, getName(entry.getSid()));
        if (keep) {
            responses.add(new AccessEntryResponse(entry.getId(), entry.getSid(), entry.getPermission(),
                    entry.isGranting()));
        }
    }
    return responses;
}
 
Example #8
Source File: AccessService.java    From kylin with Apache License 2.0
/**
 * Lists the names of the user or group SIDs that appear in an ACL.
 *
 * <p>Neither the permission nor the granting flag of an entry is consulted: a name is returned
 * for every entry whose SID kind matches {@code type}.
 *
 * @param acl the ACL to inspect; {@code null} yields an empty list
 * @param type compared case-insensitively with {@code MetadataConstants.TYPE_USER} and
 *     {@code MetadataConstants.TYPE_GROUP}
 * @return the non-blank principal or authority names, in entry order
 */
public List<String> getAllAclSids(Acl acl, String type) {
    if (acl == null) {
        return Collections.emptyList();
    }

    List<String> sidNames = new ArrayList<>();
    for (AccessControlEntry entry : acl.getEntries()) {
        String sidName = null;
        // NOTE(review): type is dereferenced here, so a null type throws once the ACL has at
        // least one entry -- confirm callers always supply it.
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && entry.getSid() instanceof PrincipalSid) {
            sidName = ((PrincipalSid) entry.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && entry.getSid() instanceof GrantedAuthoritySid) {
            sidName = ((GrantedAuthoritySid) entry.getSid()).getGrantedAuthority();
        }
        if (StringUtils.isBlank(sidName)) {
            continue;
        }
        sidNames.add(sidName);
    }
    return sidNames;
}
 
Example #9
Source File: AccessService.java    From kylin with Apache License 2.0
/**
 * Maps each SID name in the project's ACL to the permission mask of its entry.
 *
 * <p>User principals and granted authorities land in the same case-insensitive map, so names
 * that differ only in case collide and the later entry wins. The granting flag of an entry is
 * not consulted.
 *
 * @param project the project name used to look up the project UUID
 * @return SID name to permission mask; empty when there is no ACL or it has no entries
 */
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> maskBySidName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    // NOTE(review): getProject(project) is dereferenced without a null check -- confirm that
    // callers only pass names of existing projects.
    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl == null || acl.getEntries() == null) {
        return maskBySidName;
    }

    for (AccessControlEntry entry : acl.getEntries()) {
        Sid sid = entry.getSid();
        if (sid instanceof PrincipalSid) {
            PrincipalSid userSid = (PrincipalSid) sid;
            maskBySidName.put(userSid.getPrincipal(), entry.getPermission().getMask());
        }
        if (sid instanceof GrantedAuthoritySid) {
            GrantedAuthoritySid groupSid = (GrantedAuthoritySid) sid;
            maskBySidName.put(groupSid.getGrantedAuthority(), entry.getPermission().getMask());
        }
    }
    return maskBySidName;
}
 
Example #10
Source File: PermissionSetUtils.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Translates the permission mask of an ACE into the matching {@link PermissionSet}.
 *
 * <p>The mask must equal one of the five known masks exactly; any other value, including a
 * combination of bits, is rejected with an exception rather than mapped to a default.
 *
 * @param accessControlEntry the entry whose permission mask is read
 * @return the permission set for that mask
 * @throws IllegalArgumentException when the mask is not one of the known masks
 */
public static PermissionSet getPermissionSet(AccessControlEntry accessControlEntry) {
  int mask = accessControlEntry.getPermission().getMask();
  if (mask == READ_META_MASK) {
    return PermissionSet.READMETA;
  }
  if (mask == COUNT_MASK) {
    return PermissionSet.COUNT;
  }
  if (mask == READ_MASK) {
    return PermissionSet.READ;
  }
  if (mask == WRITE_MASK) {
    return PermissionSet.WRITE;
  }
  if (mask == WRITEMETA_MASK) {
    return PermissionSet.WRITEMETA;
  }
  throw new IllegalArgumentException(format(UNEXPECTED_MASK_MESSAGE, mask));
}
 
Example #11
Source File: PermissionServiceImpl.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Adds one {@code LabelledPermission} for the given SID to {@code result} when the SID has a
 * permission of its own on the ACL or, if requested, inherited ones.
 *
 * <p>When several entries match the SID, the last one in entry order determines the own
 * permission. The granting flag of the entries is not consulted.
 *
 * @param acl the ACL to inspect
 * @param isReturnInheritedPermissions whether inherited permissions are resolved as well
 * @param result the set that receives the permission, if any
 * @param sid the SID whose permissions are collected
 */
private void getPermissionResponsesForSingleSid(
    Acl acl, boolean isReturnInheritedPermissions, Set<LabelledPermission> result, Sid sid) {
  PermissionSet direct = null;
  for (AccessControlEntry entry : acl.getEntries()) {
    if (sid.equals(entry.getSid())) {
      direct = PermissionSetUtils.getPermissionSet(entry);
    }
  }

  Set<LabelledPermission> inherited = new LinkedHashSet<>();
  if (isReturnInheritedPermissions) {
    inherited.addAll(inheritanceResolver.getInheritedPermissions(acl, sid));
  }

  // Nothing to report for a SID with neither own nor inherited permissions.
  if (direct == null && inherited.isEmpty()) {
    return;
  }

  // An empty inherited set is passed on as null, not as an empty collection.
  Set<LabelledPermission> inheritedOrNull = inherited.isEmpty() ? null : inherited;
  result.add(
      LabelledPermission.create(
          sid,
          entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()),
          direct,
          inheritedOrNull));
}
 
Example #12
Source File: OwnershipDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Checks that adding an entity hands ownership to the user named in its "owner" attribute.
 *
 * <p>The ACL starts with a WRITE entry for "otheruser"; after the call the test expects exactly
 * one granting WRITE entry, belonging to the new owner, and the owner SID set on the ACL.
 */
@Test
void testAdd() {
  PrincipalSid ownerSid = new PrincipalSid("username");
  EntityIdentity identity = new EntityIdentity("MyQuestionnaire", "id");

  when(entityType.getId()).thenReturn("MyQuestionnaire");
  when(entity.getEntityType()).thenReturn(entityType);
  when(entity.getIdValue()).thenReturn("id");
  when(entity.getString("owner")).thenReturn("username");

  // A real AclImpl, pre-populated with an entry for a different user.
  AclImpl acl = new AclImpl(identity, 1, authorizationStrategy, auditLogger);
  acl.insertAce(0, PermissionSet.WRITE, new PrincipalSid("otheruser"), true);
  when(mutableAclService.readAclById(identity)).thenReturn(acl);

  ownershipDecorator.add(entity);

  verify(delegate).add(entity);
  verify(mutableAclService).updateAcl(acl);
  assertEquals(ownerSid, acl.getOwner());

  // The pre-existing "otheruser" entry must be gone; only the owner's entry remains.
  List<AccessControlEntry> entries = acl.getEntries();
  assertEquals(1, entries.size());
  AccessControlEntry ownerEntry = entries.get(0);
  assertEquals(ownerSid, ownerEntry.getSid());
  assertEquals(WRITE, ownerEntry.getPermission());
  assertTrue(ownerEntry.isGranting());
}
 
Example #13
Source File: OwnershipDecoratorTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Stream variant of the ownership test: adding a stream of entities must forward the entities
 * to the delegate and hand ownership of each ACL to the user in the "owner" attribute.
 *
 * <p>The ACL starts with a WRITE entry for "otheruser"; afterwards the test expects exactly one
 * granting WRITE entry, belonging to the new owner.
 */
@Test
void testAddStream() {
  PrincipalSid ownerSid = new PrincipalSid("username");
  EntityIdentity identity = new EntityIdentity("MyQuestionnaire", "id");

  when(entityType.getId()).thenReturn("MyQuestionnaire");
  when(entity.getEntityType()).thenReturn(entityType);
  when(entity.getIdValue()).thenReturn("id");
  when(entity.getString("owner")).thenReturn("username");

  // A real AclImpl, pre-populated with an entry for a different user.
  AclImpl acl = new AclImpl(identity, 1, authorizationStrategy, auditLogger);
  acl.insertAce(0, PermissionSet.WRITE, new PrincipalSid("otheruser"), true);
  when(mutableAclService.readAclById(identity)).thenReturn(acl);

  ownershipDecorator.add(Stream.of(entity));

  // The decorated stream is only consumed here, when the captured value is collected.
  verify(delegate).add(streamCaptor.capture());
  assertEquals(singletonList(entity), streamCaptor.getValue().collect(toList()));
  verify(mutableAclService).updateAcl(acl);
  assertEquals(ownerSid, acl.getOwner());

  // The pre-existing "otheruser" entry must be gone; only the owner's entry remains.
  List<AccessControlEntry> entries = acl.getEntries();
  assertEquals(1, entries.size());
  AccessControlEntry ownerEntry = entries.get(0);
  assertEquals(ownerSid, ownerEntry.getSid());
  assertEquals(WRITE, ownerEntry.getPermission());
  assertTrue(ownerEntry.isGranting());
}
 
Example #14
Source File: PermissionManagerController.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Returns the lower-case name used for the permission of an ACE.
 *
 * <p>The mask must equal one of the five known masks exactly; anything else raises an
 * exception instead of being mapped to a default name.
 *
 * @param ace the entry whose permission mask is read
 * @return one of "readmeta", "count", "read", "write" or "writemeta"
 * @throws UnexpectedPermissionException when the mask is not one of the known masks
 */
private String getPermissionString(AccessControlEntry ace) {
  int mask = ace.getPermission().getMask();
  if (mask == READ_META_MASK) {
    return "readmeta";
  }
  if (mask == COUNT_MASK) {
    return "count";
  }
  if (mask == READ_MASK) {
    return "read";
  }
  if (mask == WRITE_MASK) {
    return "write";
  }
  if (mask == WRITEMETA_MASK) {
    return "writemeta";
  }
  throw new UnexpectedPermissionException(ace.getPermission());
}
 
Example #15
Source File: PermissionManagerControllerTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Checks that the plugin permissions reported for user "Ipsum" come from the ACEs that the ACL
 * service returns for the user's SID.
 */
@Test
void testGetUserPluginPermissions() {
  // One plugin ACL carries a single entry for the user; the other has no entries.
  AccessControlEntry userEntry = mock(AccessControlEntry.class);
  when(userEntry.getSid()).thenReturn(userSid);
  when(userEntry.getPermission()).thenReturn(permissionRead);

  MutableAcl aclWithEntry = mock(MutableAcl.class);
  MutableAcl aclWithoutEntries = mock(MutableAcl.class);
  when(aclWithEntry.getEntries()).thenReturn(Collections.singletonList(userEntry));
  when(aclWithoutEntries.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> aclsByIdentity = new HashMap<>();
  aclsByIdentity.put(pluginIdentity1, aclWithEntry);
  aclsByIdentity.put(pluginIdentity2, aclWithoutEntries);
  when(mutableAclService.readAclsById(
          Arrays.asList(pluginIdentity1, pluginIdentity2), singletonList(userSid)))
      .thenReturn(aclsByIdentity);

  // Both plugin ids are listed, but only the plugin with an entry gets a permission.
  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2"), ImmutableMultimap.of(plugin1.getId(), "read"));
  assertEquals(expected, permissionManagerController.getUserPluginPermissions("Ipsum"));
}
 
Example #16
Source File: PermissionManagerControllerTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Checks that the entity-type permissions reported for user "Ipsum" come from the ACEs that the
 * ACL service returns for the user's SID.
 */
@Test
void testGetUserEntityClassPermissions() {
  // Two entity types have one entry each for the user; the third has none.
  AccessControlEntry writemetaEntry = mock(AccessControlEntry.class);
  when(writemetaEntry.getSid()).thenReturn(userSid);
  when(writemetaEntry.getPermission()).thenReturn(permissionWritemeta);

  AccessControlEntry countEntry = mock(AccessControlEntry.class);
  when(countEntry.getSid()).thenReturn(userSid);
  when(countEntry.getPermission()).thenReturn(permissionCount);

  MutableAcl firstAcl = mock(MutableAcl.class);
  MutableAcl secondAcl = mock(MutableAcl.class);
  MutableAcl aclWithoutEntries = mock(MutableAcl.class);
  when(firstAcl.getEntries()).thenReturn(Collections.singletonList(writemetaEntry));
  when(secondAcl.getEntries()).thenReturn(Collections.singletonList(countEntry));
  when(aclWithoutEntries.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> aclsByIdentity = new HashMap<>();
  aclsByIdentity.put(entityIdentity1, firstAcl);
  aclsByIdentity.put(entityIdentity2, secondAcl);
  aclsByIdentity.put(entityIdentity3, aclWithoutEntries);
  when(mutableAclService.readAclsById(
          Arrays.asList(entityIdentity1, entityIdentity2, entityIdentity3),
          singletonList(userSid)))
      .thenReturn(aclsByIdentity);

  // All three ids are listed; the type without entries contributes no permission.
  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(entityType1.getId(), "writemeta", entityType2.getId(), "count"));

  assertEquals(expected, permissionManagerController.getUserEntityClassPermissions("Ipsum"));
}
 
Example #17
Source File: AccessServiceTest.java    From kylin with Apache License 2.0
/**
 * Verifies that a batch grant of ADMINISTRATION to ten principals results in ten ACL entries.
 *
 * <p>Only the entry count and each entry's SID are asserted; the stored permission and the
 * granting flag are not checked.
 */
@Test
public void testBatchGrant() {
    AclEntity ae = new AclServiceTest.MockAclEntity("batch-grant");

    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    int userIndex = 0;
    while (userIndex < 10) {
        sidToPerm.put(new PrincipalSid("u" + userIndex), AclPermission.ADMINISTRATION);
        userIndex++;
    }
    accessService.batchGrant(ae, sidToPerm);

    // NOTE(review): the positional comparison assumes entries come back ordered by SID; the
    // HashMap used as input gives no ordering guarantee -- confirm against the service.
    MutableAclRecord acl = accessService.getAcl(ae);
    List<AccessControlEntry> entries = acl.getEntries();
    Assert.assertEquals(10, entries.size());
    int position = 0;
    for (AccessControlEntry entry : entries) {
        Assert.assertEquals(new PrincipalSid("u" + position), entry.getSid());
        position++;
    }
}
 
Example #18
Source File: AccessServiceTest.java    From kylin-on-parquet-v2 with Apache License 2.0
/**
 * Verifies that granting ADMINISTRATION to ten principals in one batch yields ten ACL entries.
 *
 * <p>The assertions cover the entry count and SIDs only, not the stored permission or the
 * granting flag.
 */
@Test
public void testBatchGrant() {
    AclEntity ae = new AclServiceTest.MockAclEntity("batch-grant");

    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    int userIndex = 0;
    while (userIndex < 10) {
        sidToPerm.put(new PrincipalSid("u" + userIndex), AclPermission.ADMINISTRATION);
        userIndex++;
    }
    accessService.batchGrant(ae, sidToPerm);

    // NOTE(review): comparing by position assumes the service orders entries by SID; HashMap
    // iteration order does not guarantee that -- confirm against the service.
    MutableAclRecord acl = accessService.getAcl(ae);
    List<AccessControlEntry> entries = acl.getEntries();
    Assert.assertEquals(10, entries.size());
    int position = 0;
    for (AccessControlEntry entry : entries) {
        Assert.assertEquals(new PrincipalSid("u" + position), entry.getSid());
        position++;
    }
}
 
Example #19
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0
// Creating a permission for a SID that already has an entry on the ACL must be rejected with
// DuplicatePermissionException, even though the requested permission (WRITE) differs from the
// existing one (COUNT).
@Test
void testCreateDuplicatePermission() {
  Sid role = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  ObjectIdentity objectIdentity = mock(ObjectIdentity.class);
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));
  // Repeats the stubbing made a few lines above with the same value.
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);

  // The ACL already holds a COUNT entry for the role.
  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(role);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));

  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));

  // NOTE(review): LinkedList is used as a raw type here, which compiles with an unchecked
  // warning.
  when(userRoleTools.sortSids(singleton(role))).thenReturn(new LinkedList(singletonList(role)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  assertThrows(
      DuplicatePermissionException.class,
      () ->
          permissionsApiService.createPermission(
              Permission.create(
                  new ObjectIdentityImpl("entity-typeId", "identifier"), role, WRITE)));
}
 
Example #20
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Checks that updating a role's permission from COUNT to WRITE replaces the existing entry:
 * the old ACE is deleted, a granting WRITE ACE is inserted and the ACL is saved twice.
 */
@Test
void testSetPermissions() {
  Sid role = new GrantedAuthoritySid("ROLE_role");
  ObjectIdentity identity = new ObjectIdentityImpl("entity-typeId", "identifier");

  // The ACL currently holds one COUNT entry for the role.
  AccessControlEntry existingEntry = mock(AccessControlEntry.class);
  when(existingEntry.getSid()).thenReturn(role);
  when(existingEntry.getPermission()).thenReturn(COUNT);

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getObjectIdentity()).thenReturn(identity);
  when(acl.getEntries()).thenReturn(singletonList(existingEntry));
  doReturn(acl).when(mutableAclService).readAclById(identity);

  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));

  // NOTE(review): LinkedList is used as a raw type here (unchecked warning).
  when(userRoleTools.sortSids(singleton(role))).thenReturn(new LinkedList(singletonList(role)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  permissionsApiService.updatePermissions(
      singleton(Permission.create(identity, role, WRITE)));

  verify(acl).deleteAce(0);
  // NOTE(review): index 1 presumably reflects that the mocked ACL keeps reporting one entry
  // after deleteAce -- confirm against the implementation.
  verify(acl).insertAce(1, WRITE, role, true);
  verify(mutableAclService, times(2)).updateAcl(acl);
}
 
Example #21
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0
// Deleting a SID's permission must remove its ACE from the ACL and save the ACL once.
@Test
void testDeletePermission() {
  Sid sid = mock(Sid.class);
  MutableAcl acl = mock(MutableAcl.class);
  AccessControlEntry ace = mock(AccessControlEntry.class);
  // This stubbing of getEntries() is replaced further down by the one returning ace1, so the
  // un-stubbed `ace` mock is never what the service sees.
  when(acl.getEntries()).thenReturn(singletonList(ace));
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("entity-typeId", "identifier");
  // The ACL is made available through both readAclById overloads (with and without SIDs).
  doReturn(acl).when(mutableAclService).readAclById(objectIdentity, singletonList(sid));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);

  // The entry that is actually returned: a COUNT permission for the SID.
  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(sid);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));
  // Repeats the getObjectIdentity() stubbing made above with the same value.
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);

  doReturn(acl).when(mutableAclService).readAclById(objectIdentity);

  LinkedHashSet<Sid> sids = new LinkedHashSet<>();
  sids.add(sid);
  when(userRoleTools.sortSids(sids)).thenReturn(new LinkedList<>(sids));

  permissionsApiService.deletePermission(sid, objectIdentity);
  // The single entry sits at index 0.
  verify(acl).deleteAce(0);
  verify(mutableAclService).updateAcl(acl);
}
 
Example #22
Source File: PermissionTestUtils.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Creates a mocked ACL that holds exactly one entry for the given SID and permission mask.
 *
 * <p>Only {@code getSid()} and {@code getPermission()} are stubbed on the entry; its
 * {@code isGranting()} is left at the mock default.
 *
 * @param sid the SID of the single entry
 * @param mask the mask returned by the entry's permission
 * @param name the name given to the ACL mock
 * @param parentAcl the parent ACL to report, or {@code null} to leave the parent un-stubbed
 * @return the mocked ACL
 */
public static Acl getSinglePermissionAcl(Sid sid, int mask, String name, Acl parentAcl) {
  Permission maskedPermission = mock(Permission.class);
  when(maskedPermission.getMask()).thenReturn(mask);

  AccessControlEntry entry = mock(AccessControlEntry.class);
  when(entry.getSid()).thenReturn(sid);
  when(entry.getPermission()).thenReturn(maskedPermission);

  Acl acl = mock(Acl.class, name);
  when(acl.getEntries()).thenReturn(Collections.singletonList(entry));
  if (parentAcl == null) {
    return acl;
  }
  when(acl.getParentAcl()).thenReturn(parentAcl);
  return acl;
}
Example #23
Source File: PermissionServiceImplTest.java    From molgenis with GNU Lesser General Public License v3.0
// Updating a single permission from COUNT to WRITE must replace the role's entry: the old ACE
// is deleted, a granting WRITE ACE is inserted and the ACL is saved twice.
@Test
void testSetPermission() {
  Sid role = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  ObjectIdentity objectIdentity = mock(ObjectIdentity.class);
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));
  // Repeats the stubbing made a few lines above with the same value.
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);

  // The ACL currently holds one COUNT entry for the role.
  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(role);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));

  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));

  // NOTE(review): LinkedList is used as a raw type here, which compiles with an unchecked
  // warning.
  when(userRoleTools.sortSids(singleton(role))).thenReturn(new LinkedList(singletonList(role)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  permissionsApiService.updatePermission(
      Permission.create(new ObjectIdentityImpl("entity-typeId", "identifier"), role, WRITE));

  verify(acl).deleteAce(0);
  // NOTE(review): index 1 presumably reflects that the mocked ACL keeps reporting one entry
  // after deleteAce -- confirm against the implementation.
  verify(acl).insertAce(1, WRITE, role, true);
  verify(mutableAclService, times(2)).updateAcl(acl);
}
 
Example #24
Source File: PermissionSetUtilsTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Checks that a mask the test treats as unknown (32) is rejected with an exception instead of
 * being mapped to some permission set.
 */
@Test
void testGetPermissionSetInvalidMask() {
  Permission unknownPermission = mock(Permission.class);
  when(unknownPermission.getMask()).thenReturn(32);

  AccessControlEntry entry = mock(AccessControlEntry.class);
  when(entry.getPermission()).thenReturn(unknownPermission);

  assertThrows(
      IllegalArgumentException.class, () -> PermissionSetUtils.getPermissionSet(entry));
}
 
Example #25
Source File: PermissionSetUtilsTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Checks, for each mask supplied by {@code testGetPermissionSetProvider}, that the ACE is
 * translated into the expected permission set.
 */
@ParameterizedTest
@MethodSource("testGetPermissionSetProvider")
void testGetPermissionSet(int mask, PermissionSet permissionSet) {
  Permission maskedPermission = mock(Permission.class);
  when(maskedPermission.getMask()).thenReturn(mask);

  AccessControlEntry entry = mock(AccessControlEntry.class);
  when(entry.getPermission()).thenReturn(maskedPermission);

  PermissionSet actual = PermissionSetUtils.getPermissionSet(entry);
  assertEquals(permissionSet, actual);
}
 
Example #26
Source File: PermissionManagerControllerTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Checks that the entity-type permissions reported for role "ONE" come from the ACEs that the
 * ACL service returns for the role's SID.
 */
@Test
void testGetRoleEntityTypePermissions() {
  // Two entity types have one entry each for the role; the third has none.
  AccessControlEntry writeEntry = mock(AccessControlEntry.class);
  when(writeEntry.getSid()).thenReturn(roleSid);
  when(writeEntry.getPermission()).thenReturn(permissionWrite);

  AccessControlEntry readEntry = mock(AccessControlEntry.class);
  when(readEntry.getSid()).thenReturn(roleSid);
  when(readEntry.getPermission()).thenReturn(permissionRead);

  MutableAcl firstAcl = mock(MutableAcl.class);
  MutableAcl secondAcl = mock(MutableAcl.class);
  MutableAcl aclWithoutEntries = mock(MutableAcl.class);
  when(firstAcl.getEntries()).thenReturn(Collections.singletonList(writeEntry));
  when(secondAcl.getEntries()).thenReturn(Collections.singletonList(readEntry));
  when(aclWithoutEntries.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> aclsByIdentity = new HashMap<>();
  aclsByIdentity.put(entityIdentity1, firstAcl);
  aclsByIdentity.put(entityIdentity2, secondAcl);
  aclsByIdentity.put(entityIdentity3, aclWithoutEntries);
  when(mutableAclService.readAclsById(
          Arrays.asList(entityIdentity1, entityIdentity2, entityIdentity3),
          singletonList(roleSid)))
      .thenReturn(aclsByIdentity);

  // All three ids are listed; the type without entries contributes no permission.
  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(entityType1.getId(), "write", entityType2.getId(), "read"));

  assertEquals(expected, permissionManagerController.getRoleEntityClassPermissions("ONE"));
}
 
Example #27
Source File: PermissionServiceImpl.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Removes every entry that belongs to the given SID from the ACL and saves the ACL when at
 * least one entry was removed.
 *
 * <p>Entries are matched on SID alone, so all of the SID's entries go, whatever their
 * permission or granting flag.
 *
 * @param sid the SID whose entries are removed
 * @param acl the ACL to modify
 */
private void deleteAce(Sid sid, MutableAcl acl) {
  boolean removedAny = false;
  // Walk from the last index down so a deletion never shifts an index still to be visited.
  int index = acl.getEntries().size() - 1;
  while (index >= 0) {
    AccessControlEntry candidate = acl.getEntries().get(index);
    if (candidate.getSid().equals(sid)) {
      acl.deleteAce(index);
      removedAny = true;
    }
    index--;
  }
  // An untouched ACL is not written back.
  if (removedAny) {
    mutableAclService.updateAcl(acl);
  }
}
 
Example #28
Source File: PermissionInheritanceResolver.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Returns the permission set that the given SID holds directly on the ACL.
 *
 * <p>When several entries match the SID, the last one in entry order wins. The granting flag
 * of an entry is not consulted.
 *
 * @param acl the ACL to inspect
 * @param sid the SID to look for
 * @return the permission set of the last matching entry, or {@code null} when none matches
 */
private PermissionSet getPermissionsForAcl(Acl acl, Sid sid) {
  PermissionSet lastMatch = null;
  for (AccessControlEntry entry : acl.getEntries()) {
    if (!entry.getSid().equals(sid)) {
      continue;
    }
    lastMatch = PermissionSetUtils.getPermissionSet(entry);
  }
  return lastMatch;
}
 
Example #29
Source File: PermissionManagerControllerTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Checks that the package permissions reported for user "Ipsum" come from the ACEs that the
 * ACL service returns for the user's SID.
 */
@Test
void testGetUserPackagePermissions() {
  // Two packages have one entry each for the user; the third has none.
  AccessControlEntry writemetaEntry = mock(AccessControlEntry.class);
  when(writemetaEntry.getSid()).thenReturn(userSid);
  when(writemetaEntry.getPermission()).thenReturn(permissionWritemeta);

  AccessControlEntry countEntry = mock(AccessControlEntry.class);
  when(countEntry.getSid()).thenReturn(userSid);
  when(countEntry.getPermission()).thenReturn(permissionCount);

  MutableAcl firstAcl = mock(MutableAcl.class);
  MutableAcl secondAcl = mock(MutableAcl.class);
  MutableAcl aclWithoutEntries = mock(MutableAcl.class);
  when(firstAcl.getEntries()).thenReturn(Collections.singletonList(writemetaEntry));
  when(secondAcl.getEntries()).thenReturn(Collections.singletonList(countEntry));
  when(aclWithoutEntries.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> aclsByIdentity = new HashMap<>();
  aclsByIdentity.put(packageIdentity1, firstAcl);
  aclsByIdentity.put(packageIdentity2, secondAcl);
  aclsByIdentity.put(packageIdentity3, aclWithoutEntries);
  when(mutableAclService.readAclsById(
          Arrays.asList(packageIdentity1, packageIdentity2, packageIdentity3),
          singletonList(userSid)))
      .thenReturn(aclsByIdentity);

  // All three ids are listed; the package without entries contributes no permission.
  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(package1.getId(), "writemeta", package2.getId(), "count"));

  assertEquals(expected, permissionManagerController.getUserPackagePermissions("Ipsum"));
}
 
Example #30
Source File: PermissionManagerControllerTest.java    From molgenis with GNU Lesser General Public License v3.0
/**
 * Checks that the plugin permissions reported for role "ONE" come from the ACEs that the ACL
 * service returns for the role's SID.
 */
@Test
void testGetRolePluginPermissions() {
  // One plugin ACL carries a single entry for the role; the other has no entries.
  AccessControlEntry roleEntry = mock(AccessControlEntry.class);
  when(roleEntry.getSid()).thenReturn(roleSid);
  when(roleEntry.getPermission()).thenReturn(permissionRead);

  MutableAcl aclWithEntry = mock(MutableAcl.class);
  MutableAcl aclWithoutEntries = mock(MutableAcl.class);
  when(aclWithEntry.getEntries()).thenReturn(Collections.singletonList(roleEntry));
  when(aclWithoutEntries.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> aclsByIdentity = new HashMap<>();
  aclsByIdentity.put(pluginIdentity1, aclWithEntry);
  aclsByIdentity.put(pluginIdentity2, aclWithoutEntries);
  when(mutableAclService.readAclsById(
          Arrays.asList(pluginIdentity1, pluginIdentity2), singletonList(roleSid)))
      .thenReturn(aclsByIdentity);

  // NOTE(review): the expected key is entityType1.getId() although this test is about
  // plugins; presumably it equals the plugin id in the fixture -- confirm.
  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2"), ImmutableMultimap.of(entityType1.getId(), "read"));
  Permissions actual = permissionManagerController.getRolePluginPermissions("ONE");
  assertEquals(expected, actual);
}